prifi

module
v0.0.0-...-465a192 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 9, 2024 License: AGPL-3.0

README

PriFi: A Low-Latency, Tracking-Resistant Protocol for Local-Area Anonymity Build Status Go Report Card Coverage Status

[!WARNING]
This software is archived and of experimental quality. Do not use it yet for security-critical purposes. Use at your own risk!

Introduction

This repository implements PriFi, an anonymous communication protocol with provable traffic-analysis resistance and small latency suitable for wireless networks. PriFi provides a network access mechanism for protecting members of an organization who access the Internet while on-site (via privacy-preserving WiFi networking) and while off-site (via privacy-preserving virtual private networking or VPN). The small latency cost is achieved by leveraging the client-relay-server topology common in WiFi networks. The main entities of PriFi are: relay, trustee server (or Trustees), and clients. These collaborate to implement a Dining Cryptographer's network (DC-nets) that can anonymize the client upstream traffic. The relay is a WiFi router that can process normal TCP/IP traffic in addition to running our protocol.

For an extended introduction, please check our website.

For more details about PriFi, please check our paper.

Getting PriFi

First, get the Go language, >= 1.13

Then, get PriFi by doing:

go get github.com/dedis/prifi/sda/app
cd $GOPATH/src/github.com/dedis/prifi
make install

Running PriFi

Configuration

PriFi uses ONet as a network framework. It is easy to run all components (trustees, relay, clients) on one machine for testing purposes, or on different machines for the real setup.

Each component (relay/client/trustee) has an ONet configuration : an identity (identity.toml, containing a private and public key), and some knowledge of the others participants via group.toml. For your convenience, we pre-generated some identities in config/identities_default.

Automated Testing, all components in localhost

Travis should have made these check for you; current status: Build Status

What is tested:

  • make test: Go tests for all important modules + Go style (fmt/lint)
  • make it: Integration tests with multiple configurations, no data (simply tests that the PriFi network runs)
  • make it2: Integration tests with multiple configurations + GET request to google.com through PriFi

All-in-one test (tests all 16 configurations in config/, takes 5min):

$ make it2

This test check that PriFi's clients, trustees and relay connect and start performing communication rounds, and that a Ping request can go through (back and forth).
Gonna test with config/prifi-integration-dummydown-test.toml
Socks proxy not running, starting it...[ok]
Starting relay...                      [ok]
Starting trustee 0...                  [ok]
Starting client 0... (SOCKS on :8081)  [ok]
Starting client 1... (SOCKS on :8082)  [ok]
Starting client 2... (SOCKS on :8083)  [ok]
Waiting 20 seconds...
Doing SOCKS HTTP request via :8081...   [ok]
Doing SOCKS HTTP request via :8082...   [ok]
Doing SOCKS HTTP request via :8083...   [ok]
Test succeeded
...

Running only the "main" configuration (takes 20 seconds):

$ ./test.sh integration2 config/prifi.toml

This test check that PriFi's clients, trustees and relay connect and start performing communication rounds, and that a Ping request can go through (back and forth).
Gonna test with config/prifi.toml
Socks proxy not running, starting it...[ok]
Starting relay...                      [ok]
Starting trustee 0...                  [ok]
Starting client 0... (SOCKS on :8081)  [ok]
Starting client 1... (SOCKS on :8082)  [ok]
Starting client 2... (SOCKS on :8083)  [ok]
Waiting 20 seconds...
Doing SOCKS HTTP request via :8081...   [ok]
Doing SOCKS HTTP request via :8082...   [ok]
Doing SOCKS HTTP request via :8083...   [ok]
Test succeeded
All tests passed.
Automated Testing, all components in localhost, with Docker

Same thing as above, but via docker (and hence without the requirement for go):

  • docker run lbarman/prifi

(docker might require sudo on some systems)

Manual Testing, all components in localhost

You can test PriFi by running ./prifi.sh all-localhost. This will run a SOCKS server, a PriFi relay, a Trustee, and three clients on your machine. They will use the identities in config/identities_default.

You can check what is going on by doing tail -f {clientX|relay|trusteeX|socks}.log.

relay.log

You can test browsing through PriFi by setting your browser to use a SOCKS proxy on localhost:8081, or with curl:

curl -w "@curl_format.cnf" --socks5 127.0.0.1:8080 --max-time 10 "http://google.com/"

Running PriFi manually, entity by entity

Move to $GOPATH/src/github.com/dedis/prifi, and open 5 terminals as follows:

like this

Run in order the following commands:

  • ./prifi.sh trustee 0
  • ./prifi.sh relay
  • cd socks && ./run-socks-proxy.sh
  • ./prifi.sh client 0
  • and, after a while curl -w "@curl_format.cnf" --socks5 127.0.0.1:8080 --max-time 10 "http://google.com/"

The result should look like this.

Using PriFi in a real setup

To test a real PriFi deployement, first, re-generates your identity (so your private key is really private). The processed is detailed in the README about ./prifi.sh startup script.

Reproducing experiments

You need a Deterlab account, which needs to be setup in the following config file.

In Deterlab, deploy the following topology.

Then, simply run ./simul.sh simul; as you can see in simul.sh, there are dozen of commands to regenerate the various graphs, e.g., simul-vary-nclients, simul-skype, etc.

Reproducing graphs

Experiments produce raw log files; then, they are processed into graph using some scripts. This happens in this other repo, where all raw logs & resulting graphics have been preserved for reproducibility.

More documentation

Directories

Path Synopsis
Package prifi contains the implementation of the PriFi protocol.
Package prifi contains the implementation of the PriFi protocol.
config
Package config contains the cryptographic primitives that are used by the PriFi library.
Package config contains the cryptographic primitives that are used by the PriFi library.
log
net
sda
app
Prifi-app starts a cothority node in either trustee, relay or client mode.
Prifi-app starts a cothority node in either trustee, relay or client mode.
services
Package prifi-sda-service contains the SDA service responsible for starting the SDA protocols required to enable PriFi communications.
Package prifi-sda-service contains the SDA service responsible for starting the SDA protocols required to enable PriFi communications.
Package timing contains utility functions to measure execution times.
Package timing contains utility functions to measure execution times.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL